My Early Experience With Azure Backup Server

In this post I want to share with you my early experience with using Microsoft Azure Backup Server (MABS) in production. I rolled it out a few weeks ago, and it’s been backing up our new Hyper-V cluster for 8 days. Lots of people are curious, so I figured I’d share information about the quality of the experience, and the amount of storage that is being used in the Azure backup vault.

What is Azure Backup Server?

Microsoft released the free (did I say free?) Microsoft Azure Backup Server last year to zero acclaim. The reason why is for another day, but the real story here is that MABS is:

The latest version of DPM that does not require any licensing to be purchased.

With the only differences being that it doesn’t do tape drives and it requires an Azure backup vault.

It is free – no; you don’t have to give yellow-box-backup vendors from the 1990s any more money for their software that was always out of date, or those blue-box companies where the job engine rarely worked once you left the building.

The key here is disk-disk-cloud. You install MABS on an on-premises machine instead of the usual server backup product. It can be a VM or a physical machine, running Windows Server (Ideally WS2012 or later to get the bandwidth management stuff).

MABS uses agents to backup your workloads to the MABS server. The backup data is kept for a short time (5 days by default) locally on disk. That disk that is used for backup must be 1.5 x the size of the data being protected … don’t be scared because RAID5 SATA or Storage Spaces parity is cheap. The disk system must appear in Disk Management on the MABS machine.

As I said, backup data is kept for a short while locally on premises. The protection policy is configured to forward data to Azure for long-term protection. By default it’ll keep 180 daily backups, a bunch of weeklies and monthlies, and 10 yearly backups – that’s all easily customized.

All management (right now) is done on the MABS server. So you do have centralized management and reporting, and you can configure an SMTP server for email alerts.

And did I mention that MABS is free? All you’re paying for here is for Azure Backup:

Instance charges based on what you are protecting in the MABS protection policies

Please note that you do not need to buy OMS or System Center to use Azure Backup (in any of it’s forms), as some wing of Microsoft marketing is trying to incorrectly state.

The Installation

Microsoft has documented the entire setup of MABS. It’s not in depth, but it’s enough to get going. The setup is easy:

Create a backup vault in Azure

Download the backup vault credentials

Download MABS

Install MABS and supply the backup vault credentials

The setup is super easy. It’s easy to configure the local backup storage and re-configure the Azure connection. And agents are easy to deploy. There’s not much more that I can say to be honest.

Create your protection groups:

What you want to backup

When you want recovery points created

How long to keep stuff on-premises

What to send to Azure

How long to keep stuff in Azure

How to do that first backup to Azure (network or disk/courier)

My Experience

Other than one silly human error on my part on day 1, the setup of the machine was error-free. At work, we currently have 8 VMs on the new Hyper-V cluster (including 2 DCs) – more will be added.

All 8 VMs are backed up to the local disk. We create recovery points at 13:00 and 18:30, and retain 7 days of local backup. This means that I can quickly restore a lost VM across the LAN from either 13:00 or 18:30 over a span of 7 days.

The protection group forwards backup of 6 of the VMs to Azure – I excluded the DCs because we have 2 DCs running permanently in Azure via a site-site VPN (for Azure AD Connect and for future DR rollout plans).

Other than that day 1 error, everything has been easy – there’s that word again. Admittedly, we have way more bandwidth than most SMEs because we’re in the same general area as the Azure North Europe region, SunGard, and the new Google data centre.

Disk Utilization

The 8 VMs that are being protected by MABS are made up of 839 GB of VHDX files. We have 7 days of short term (local disk) retention and we’ve had 8 days of protection. Our MABS server is using 1,492.42 GB of storage. Yes, that is more than 1.5x but that is because we modified the default short-term retention policy (from 5 to 7 days) and we are creating 2 recovery points per day instead of the default of 1.

We use long-term retention (Azure backup vault) for 6 of those VMs. Those VMs are made up of 716.5 GB of VHDX files. Our Azure backup vault (GRS) currently is sitting at 344.81 GB after 8 days of retention. It’s growing at around 8 GB per day. I estimate that we’ll have 521 GB of used storage in Azure after 30 days.

How Much Is This Costing?

I can push the sales & marketing line by saying MABS is free (I did say this already?). But obviously I’m doing disk-disk-cloud backup and there’s a cost to the cloud element.

I’ve averaged out the instance sizes and here are the instance charges per month:

GRS Block Block costs $0.048 per GB per month for the first terabyte. We will have an estimate 521 GB at the end of the month so that will cost us (worst case, because you’re billed on a daily basis and we only have 344 GB today) $25.

So this month, our backup software , which includes both traditional disk-disk on-premises backup and online backup for long-term retention, will cost us $25 + $60, for a relatively small $85.

The math is easy, just like setting up and using MABS.

What About Other Backup Products?

There are some awesome backup solutions out there – I am talking about born-in-virtualization products … and not the ones designed for tape backup 20 years ago that some of you buy because that’s what you’ve always bought. Some of the great products even advertise on this site 🙂 They have their own approaches and unique selling points, which I have to applaud, and I encourage you to give their sites a visit and test their free trials. So you have choices – and that is a very good thing.

Thanks Mitesh. For Azure VMs, you don’t even need MABS – just create a backup vault, create a policy, discover/register the VMs in a backup vault, and associate the VMs with the policy. The pricing is the same.

We use DPM heavily and store our long term on Azure, as Aiden described. I want to share some important obstacles we have run into so you might benefit from our experiences.
1) We had a DPM protection group with 76 Hyper-V VMs protected in it. This protection group was scheduled to send recovery points to Azure all at once. 76 proved too much and the OBEngine.exe (Microsoft Azure Recovery Services Agent) service was crashing each night, making it so I had to restart the OBEngine service and manually restart these online backups each day. By breaking up the protection group into multiple smaller protection groups (each protecting about 20 Hyper-V servers rather than 76), and scheduling them to send recovery points to Azure at different times of the evening, the issue was resolved. I do not believe this was a bandwidth issue (as we have plenty) but rather that the OBEngine service was getting overwhelmed. The errors I found in DPM each morning clearly stated that the OBEngine service failed.
2) Note that sending data to Azure costs little to nothing. But when it is time to recover from Azure, that is where MS will hit you with a bill. Cheap to upload to Azure, more expensive to download from Azure (or serve services live from Azure). Something to be aware of.

Thanks David, I’m going to ask the team about point 1 – there have been improvements both in DPM, the agent, and the backup vault.

On point 2: There is no cost for restoring data from Azure Backup via the network. There is a myth that there is – I’ve tested and read the text – there simply is no data transfer/egress data charge on Azure Backup.

Backing up VM’s seems to be pretty routine these days. My biggest challenge is backing up a large on premise file set with robust End User Recovery, utilizing the Windows built in ‘Restore Previous Version’ function. Traditional DPM supports EUR rather well. Does anyone know if EUR works in MABS as it does in DPM? As always… I really appreciate your dedication to our craft… Thanks Aidan!

We’re absolutely loving MABS. Having recently refreshed our offic ein China, we switches to MABS and are backing up locally to cheap sata and then everything to the cloud. Our monthly costs have eben reduced from $400 or so to about $75.

Looking at the numbers, I think our Canadian office will be switching over as well in the next year. I’m curious as to when the next phase of Project Venus will come online and we can control all of this centrally from the cloud….

Hi Krishna, I noticed in one of your posts that you were using MABS to back up your China offices. We have serious problems with our international internet and SIP trunking, would love to bend you ear on service providers in China

One thing to watch for is that you do need the cloud connectivity. We have one site in China where the connection to Azure can be down for day and, after a certain period of time, it starts warning us that our subscription has expired and all backups stop. This includes on-premises D2D backups as well.
So, it seems to have the Azure subscription and connectivity to the online service as a pre-requisite to doing any ongoing backups. General blips in connectivity are obviously not a problem but something more ongoing is where the issue comes in for us.

Excellent article, Aidan. Thank you !
Can you please comment on the issue of certificates ? I am backing up file shares in a Protection Group of a single server. For the Azure Online portion of the backup, my understanding is that an SSL server certificate is not necessary for a simple backup vault in Azure. Once the server is registered and the vault credential is entered just once, then I can Recover data from the vault indefinitely, despite the vault showing an “expired” certificate. Is this correct ? Is a certificate only necessary for site recovery services ?

Do you know of any options for reporting on the success of the online backups? There is no way in the GUI to see if you are backing up successfully to Azure without going to a restore. We would like to be able to setup notifications on success/failure each day and there doesn’t appear to be a way to do it.

I happen to like MABS too. But like DPM, the interface is crap. Breaks constantly. Exposes silly errors. The agents don’t install properly all the time. Sometimes you have to go to the box to manually uninstall, and then edit the database to remove them. When they clean THAT up, the solution will be spectacular.

Also, being able to use multiple DPM servers in a pool, where the backup goes to the idle one, would be nice.

They have a lot of work to do. But, they’re inheriting changes from DPM. So, maybe it will actually happen?

I’m still getting familiarized with MABS. One thing I haven’t been able to find an answer on is the following. If I backup a Windows 2012 VM to Azure using MABS, could I potentially restore that VM to a MS Azure Cloud VM? Or can I only restore that data back down to a MABS server?

Do I have to back up the Azure Backup Server machine? Server Backup is disabled on the machine, and It won’t allow me to schedule a sql backup. Is it best to make it a VM and then back up the VM? or can the Azure Backup install be reconstituted from the Azure vault?

We have VMs on premise in Hyperv 2012 R2 Cluster and others we have moved to Azure with Azure Site Recovery, i have a backup vault with backup policy that backs up VMs in Azure already. We use a brutal backup solution at moment for on premise machines and i want to use MABS connected to our Vault in Azure. Question is can i install it on Azure VM or is it best to be installed on onpremise VM. I saw a comment from someone that said if you inatall on azure VM you can only backup Azure VMs and not onpremise, which sounds odd. We are in process of moving VMs up to Azure but will take a while, we still have some physicals too. We have a Site to Site Vpn at present to Azure.

Hi Stephen – good question. You’ll need to install MABS on-premises. You can install it in a VM or a physical box. My advice is that you provision the backup storage using the cheapest disk that you can. It would be a bad idea to run MABS in Azure – the performance for protecting on-prem services would be awful. And I don’t understand why one would protect Azure VMs using MABS – Azure Backup has a native solution for protecting Azure VMs.

Very nice article. Do you know what is max throughput for restoring data from Azure if backup was done via MABS? We have petabyte scale data and I am interested in looking at this solution. Bandwidth is not an issue (10Gbps)

Also when it comes to backing up VM’s and pricing, does the host count as an instance as well as the VMs? I am only interested in backing up the VM’s – not the host.

EG, I have a single host with 2 x 100GB VMs
Is the price 2 x instances and 200GB of storage cost or 3 x instances (1 for the host) and then 2 x 100GB storage for the VMs plus 1 x 200GB (total VM storage space) for the host?

Your instances are the things you are backing up: the virtual machines.

If you are backing up the VMs, then you are backing up the disks and their contents. You are not double charged for being able to restore files from the VHD/X files. You only get additional instance charges if you install agents inside the VMs for things like SQL, Exchange, SharePoint backups.

You can restore the entire VM – it’s a VMware backup using VMware APIs. The value is that you keep a smaller amount of disk storage locally, and keep everything offsite in the cloud – dual locations + cheap long-term retention.

Archives

About this Blog

This blog serves 2 purposes. Firstly, I want to share information with other IT pros about the technologies we work with and how to solve problems we often face. I've worked with technologies from the desktop to the server, Active Directory, System Center, security and virtualisation.

Secondly, I use my blog as a notebook. There's so much to learn and remember in our jobs that it's impossible to keep up. By blogging, I have a notebook that I can access from anywhere. It has saved my proverbial many times in the past.

Waiver

Anything you do to your IT infrastructure, applications, services, computer or anything else is 100% down to your own responsibility and liability. Aidan Finn bears no responsibility or liability for anything you do. Please independently confirm anything you read on this blog before doing whatever you decide to do.